Vulnerabilities > Citrix > Netscaler Gateway

DATE CVE VULNERABILITY TITLE RISK
2024-01-17 CVE-2023-6549 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix products
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
network
low complexity
citrix CWE-119
7.5
2024-01-17 CVE-2023-6548 Code Injection vulnerability in Citrix products
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
network
low complexity
citrix CWE-94
8.8
2023-10-27 CVE-2023-4967 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix products
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
network
low complexity
citrix CWE-119
7.5
2023-10-10 CVE-2023-4966 Unspecified vulnerability in Citrix products
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 
network
low complexity
citrix
7.5
2023-07-19 CVE-2023-3466 Cross-site Scripting vulnerability in Citrix products
Reflected Cross-Site Scripting (XSS)
network
low complexity
citrix CWE-79
6.1
2023-07-19 CVE-2023-3467 Unspecified vulnerability in Citrix products
Privilege Escalation to root administrator (nsroot)
low complexity
citrix
8.0
2023-07-19 CVE-2023-3519 Code Injection vulnerability in Citrix products
Unauthenticated remote code execution
network
low complexity
citrix CWE-94
critical
9.8
2021-08-05 CVE-2021-22919 Allocation of Resources Without Limits or Throttling vulnerability in Citrix products
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO.
network
low complexity
citrix CWE-770
7.5
2021-08-05 CVE-2021-22927 Session Fixation vulnerability in Citrix products
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.
network
low complexity
citrix CWE-384
8.1
2021-06-16 CVE-2020-8299 Resource Exhaustion vulnerability in Citrix products
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment.
low complexity
citrix CWE-400
6.5